Secure Programming with Static Analysis by Jacob West, Brian Chess

9. Web Applications

I need new ideas for the web. People are already getting sick of reading the word “SOME PIG!”

–E. B. WHITE, CHARLOTTE’S WEB

This chapter focuses on building Web applications in Java. Writing secure Web applications is challenging in any language. We focus on Java both because it is commonly used and because Java’s class library makes it easy to give brief examples of good and bad Web-facing code. Web applications are tricky for a number of reasons:

• Users have easy access to the application, so malicious users have easy access to the application, too. There’s no way to know beforehand that a request will be benign.

• The HTTP protocol was not designed for applications—and certainly not for secure applications. HTTP creates ...
